APK signature verification: use FileChannel#size (310edbe3) · Commits · e / os / android_frameworks_base

core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -209,7 +209,7 @@ public class ApkSignatureSchemeV2Verifier {
		if (contentDigests.containsKey(CONTENT_DIGEST_VERITY_CHUNKED_SHA256)) {
		byte[] verityDigest = contentDigests.get(CONTENT_DIGEST_VERITY_CHUNKED_SHA256);
		verityRootHash = ApkSigningBlockUtils.parseVerityDigestAndVerifySourceLength(
		verityDigest, apk.length(), signatureInfo);
		verityDigest, apk.getChannel().size(), signatureInfo);
		}

		return new VerifiedSigner(

core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -211,7 +211,7 @@ public class ApkSignatureSchemeV3Verifier {
		if (contentDigests.containsKey(CONTENT_DIGEST_VERITY_CHUNKED_SHA256)) {
		byte[] verityDigest = contentDigests.get(CONTENT_DIGEST_VERITY_CHUNKED_SHA256);
		verityRootHash = ApkSigningBlockUtils.parseVerityDigestAndVerifySourceLength(
		verityDigest, apk.length(), signatureInfo);
		verityDigest, apk.getChannel().size(), signatureInfo);
		}

		return new VerifiedSigner(result.first, result.second, verityRootHash, contentDigests);

core/java/android/util/apk/ApkSigningBlockUtils.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -368,7 +368,7 @@ public final class ApkSigningBlockUtils {
		SignatureInfo signatureInfo) throws SecurityException {
		try {
		byte[] expectedRootHash = parseVerityDigestAndVerifySourceLength(expectedDigest,
		apk.length(), signatureInfo);
		apk.getChannel().size(), signatureInfo);
		VerityBuilder.VerityResult verity = VerityBuilder.generateApkVerityTree(apk,
		signatureInfo, new ByteBufferFactory() {
		@Override

core/java/android/util/apk/VerityBuilder.java

+4 −4

Original line number	Diff line number	Diff line
		@@ -90,7 +90,7 @@ public abstract class VerityBuilder {
		throws IOException, SecurityException, NoSuchAlgorithmException, DigestException {
		long signingBlockSize =
		signatureInfo.centralDirOffset - signatureInfo.apkSigningBlockOffset;
		long dataSize = apk.length() - signingBlockSize;
		long dataSize = apk.getChannel().size() - signingBlockSize;
		int[] levelOffset = calculateVerityLevelOffset(dataSize);
		int merkleTreeSize = levelOffset[levelOffset.length - 1];

		@@ -108,7 +108,7 @@ public abstract class VerityBuilder {
		@NonNull SignatureInfo signatureInfo, @NonNull ByteBuffer footerOutput)
		throws IOException {
		footerOutput.order(ByteOrder.LITTLE_ENDIAN);
		generateApkVerityHeader(footerOutput, apk.length(), DEFAULT_SALT);
		generateApkVerityHeader(footerOutput, apk.getChannel().size(), DEFAULT_SALT);
		long signingBlockSize =
		signatureInfo.centralDirOffset - signatureInfo.apkSigningBlockOffset;
		generateApkVerityExtensions(footerOutput, signatureInfo.apkSigningBlockOffset,
		@@ -339,11 +339,11 @@ public abstract class VerityBuilder {
		eocdCdOffsetFieldPosition + ZIP_EOCD_CENTRAL_DIR_OFFSET_FIELD_SIZE;
		consumeByChunk(digester,
		DataSource.create(apk.getFD(), offsetAfterEocdCdOffsetField,
		apk.length() - offsetAfterEocdCdOffsetField),
		apk.getChannel().size() - offsetAfterEocdCdOffsetField),
		MMAP_REGION_SIZE_BYTES);

		// 5. Pad 0s up to the nearest 4096-byte block before hashing.
		int lastIncompleteChunkSize = (int) (apk.length() % CHUNK_SIZE_BYTES);
		int lastIncompleteChunkSize = (int) (apk.getChannel().size() % CHUNK_SIZE_BYTES);
		if (lastIncompleteChunkSize != 0) {
		digester.consume(ByteBuffer.allocate(CHUNK_SIZE_BYTES - lastIncompleteChunkSize));
		}